PRIOn knowledge basePRION:CVE-2019-13504

HistoryJul 11, 2019 - 2:15 a.m.

Design/Logic Flaw

2019-07-1102:15:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq10.0
exiv2le0.27.2

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	10.0
exiv2	le	0.27.2

References

www.securityfocus.com/bid/109117

fuzzit.dev/2019/07/11/discovering-cve-2019-13504-cve-2019-13503-and-the-importance-of-api-fuzzing/

github.com/Exiv2/exiv2/pull/943

lists.debian.org/debian-lts-announce/2019/07/msg00015.html

lists.debian.org/debian-lts-announce/2023/01/msg00004.html